[Shorewall-users] auto-blacklist

Guy Marcenac guy at posteurs.com
Wed Feb 2 13:40:09 PST 2005


Eric Esterle wrote:
> I have been getting a lot of dictionary attacks against my server and 
> want to automatically add the IP address of the offender when their 
> failed SSH login attempts are equal to five or more.  I was just going 
> to write a dumb BASH script to do this unless there is a more 
> intelligent way?

Maybe you could have a look here as a beginning for your script 
http://www.linuxmafia.com/pub/linux/security/ssh-dictionary-attack-blacklist
http://www.linuxmafia.com/pub/linux/security/sshd_sentry/sshd_sentry

-- 
guy marcenac


More information about the Shorewall-users mailing list